Aleksei hellman

@msjyryxdzzj
msjyryxdzzj / sol.sage
Last active Jan 12, 2021
RWCTF 3rd - Crypto - Old Curse solve script
View sol.sage
from Crypto.Util.number import *
PR.<qr>=PolynomialRing(ZZ)
def calc_params(e,N):
    delta = 0.1
    gama = 0.05
    beta = log(e,N).n()
    alpha = 0.25
    return alpha,beta,delta,gama
@rekkusu
rekkusu / sharsable.sage
Last active Oct 19, 2020
SECCON 2020 Online CTF sharsable author writeup
View sharsable.sage
# Overview
# This challenge is based on May's version of Wiener's Attack
# (https://www.math.uni-frankfurt.de/~dmst/teaching/WS2015/Vorlesung/Alex.May.pdf)
# But the attack can't be applied to the challenge because it has 2 exponents,
# so you have to extend the method of May.
# After LLL, choose 2 shortest vectors and reconstruct polynomial.
# then pick coefficients and decrypt ciphertext
import json
from binascii import unhexlify
@birdg0
birdg0 / solve.c
Last active Sep 27, 2020
Official solution for "Shoplifters" of 0CTF/TCTF 2020 Finals
View solve.c
/*
gcc -m64 -nostdlib -Os -mrtm -fno-toplevel-reorder -static -Wno-multichar solve.c -o solve.elf
objcopy -Obinary -j .text solve.elf solve.bin
Reference https://github.com/Alberts-Coffee-Hours/Mastik/blob/master/src/l1.c,
https://github.com/vusec/ridl/blob/master/exploits/shadow/leak.c
and https://github.com/oranav/ctf-writeups/blob/master/gctf19/RIDL/solve.c
*/
#include <stdio.h>
#include <stdlib.h>
@ruan777
ruan777 / MultipleMultiply.ipynb
Created Jun 2, 2020
RCTF2020 Crypto solution
View MultipleMultiply.ipynb
@hellman
hellman / ctfzone2019_ntru_active_attack.py
Last active Dec 1, 2019
CTFZone 2019 Quals - NTRU (Crypto - Hard)
View ctfzone2019_ntru_active_attack.py
#!/usr/bin/python3
"""
The decryption looks like this:
(f * ctpol) % q * inverse(f, mod 3) % 3
Note that:
- (f) is a "small" polynomial (61 values 1 and -1, others are zero).
- (% q) is done to [-63; 64]
If (f*ctpol) does not wrap over q
@jhs7jhs
jhs7jhs / solver.sage
Created Nov 6, 2019
Multivariate Coppersmith method
View solver.sage
class IIter:
    def __init__(self, m, n):
        self.m = m
        self.n = n
        self.arr = [0 for _ in range(n)]
        self.sum = 0
        self.stop = False
    def __iter__(self):
        return self
@hellman
hellman / 0_challenge_sol.md
Last active Oct 11, 2019
Balsn CTF 2019 - pyshv1,2,3 (misc)
View 0_challenge_sol.md

pyshv1 (572)

The challenge contains two modules:

# File: securePickle.py

import pickle, io

whitelist = []
@elliptic-shiho
elliptic-shiho / solve.rb
Last active Sep 2, 2019
TokyoWesterns CTF 2019 - happy! Solver & simple writeup
View solve.rb
require_relative './happy' # rename happy -> happy.rb
q = 180754955592872777770305021165949447837520820408608437544593001477325680227199967219036800612237524673886247520794601572290402702594122131782305474875236404413820478308317235725623037177247985490515533618988964977186476558003216903
p = 166878663790065040663149504970052368124427462024107500159158464138407657299730521908976684364578086644682045134207945137293534705688910696520830729908263578233018529387676221035298300775812585471932551347478303730822844748034186479
k = 2
e = 65537
d1 = e.pow((p - 1) / 2 - 2, (p - 1))
d2 = e.pow(((q - 1) / 2 - 1) * (q - 1) * (k > 1 ? q ** (k - 2) : 1) - 1, q ** (k - 1) * (q - 1))
cf = p.pow(q ** (k - 1) * (q - 1) - 1, q ** k)
key = Key.new({
@ngg
ngg / fastcoll.patch
Created Apr 7, 2019
fastcoll patch for md5suffix
View fastcoll.patch
diff --git a/block0.cpp b/block0.cpp
index ad99358..e92eb04 100644
--- a/block0.cpp
+++ b/block0.cpp
@@ -83,11 +83,18 @@ void find_block0(uint32 block[], const uint32 IV[])
Q[Qoff + 16] = (xrng64() & 0x1ffdffff) | 0xa0000000 | (~Q[Qoff + 15] & 0x40020000);
MD5_REVERSE_STEP(0, 0xd76aa478, 7);
+ if (!ok_uint32(block[0])) continue;
MD5_REVERSE_STEP(6, 0xa8304613, 17);
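Review bot: the added `if (!ok_uint32(block[0])) continue;` after `MD5_REVERSE_STEP(0, 0xd76aa478, 7);` has no comment, and `ok_uint32` is not defined anywhere in the visible lines, so the constraint it places on the first message word cannot be checked from this hunk. Add a one-line comment above the check stating which values of `block[0]` are accepted and why, and make sure the helper's declaration is visible to `block0.cpp`. Since each rejected candidate restarts the loop via `continue`, it is also worth noting next to the check how restrictive the predicate is, so the effect on search time is documented.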
@pfasante
pfasante / sboxes_4bit_ae_classes.py
Created Jun 25, 2018
Affine Equivalence Classes of 4-bit S-boxes
View sboxes_4bit_ae_classes.py
from sage.crypto.sbox import SBox
# List taken from De Canniere's PhD Thesis
# Available at http://blog.sciencenet.cn/upload/blog/file/2009/3/20093320521938772.pdf
representatives = [
SBox([0x4, 0x0, 0x1, 0xF, 0x2, 0xB, 0x6, 0x7, 0x3, 0x9, 0xA, 0x5, 0xC, 0xD, 0xE, 0x8]),
SBox([0x8, 0x0, 0x1, 0xC, 0x2, 0x5, 0x6, 0x9, 0x4, 0x3, 0xA, 0xB, 0x7, 0xD, 0xE, 0xF]),
SBox([0x8, 0x0, 0x1, 0xC, 0xF, 0x5, 0x6, 0x7, 0x4, 0x3, 0xA, 0xB, 0x9, 0xD, 0xE, 0x2]),
SBox([0x2, 0x0, 0x1, 0x8, 0x3, 0xD, 0x6, 0x7, 0x4, 0x9, 0xA, 0x5, 0xC, 0xB, 0xE, 0xF]),